60,000 USDC
Submission Details
Severity:
There is no proper check on range
Summary
There is a check missing to ensure the starting and ending of a range to be in proper condition and work correctly
Vulnerability Details
In erc721_bridgeable.cairo::mint_range function there isnt a check which ensures start of a range is always lesser than the end.
fn mint_range(ref self: ContractState, to: ContractAddress, start: u256, end: u256) { @audit-info no proper range check
let mut token_id = start;
loop {
if token_id == end {
break ();
}
self.mint(to, token_id);
token_id += 1_u256;
}
}
Impact
As there is no check to ensure the start of a range is always smaller than the end if someone makes mistake while entering the parameters it can lead to discrepancies in the function.
https://github.com/Cyfrin/2024-07-ark-project/blob/main/apps/blockchain/starknet/src/token/erc721_bridgeable.cairo#L141
Tools Used
Manually
Recommendations
add a check to ensure everytime `start<end`...
Updates
Lead Judging Commences
n0kto 12 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Total prize
60,000 USDC
nSLOC
2,30126 USDC / LOC
50,000 USDC
5,500 USDC
4,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.